Inline SSL Monitor Mode
Use the inline SSL monitor mode to assist in understanding your network topology. Monitor mode provides information about the traffic going to the GigaSMART card, which can help to learn about your deployment. When monitor mode is enabled, the monitor application collects information such as TCP ports used and VLAN information about the incoming traffic.
After inline SSL decryption is configured and monitor mode is enabled, the inline SSL application does not terminate the session. Instead, the monitor application collects information and forwards packets to the tool port or network port based on the configuration of the non-SSL TCP bypass action. For any Monitor mode, you can enable or disable seamlessly without any other configuration changes.
Monitor mode is disabled by default. To enable the monitor mode, refer to Configure the Inline SSL Monitor Mode.
For packets coming from the network port, the monitor application collects packet flow information.
From the information collected from monitor mode, you can analyze the following cases:
| duplicate TCP SYN—For a given session, the SYN messages with a different packet signature than 5tuple, for example, a different VLAN ID, indicates the packet is coming from multiple paths. |
| asymmetric routing—For a given session, packets arriving from multiple network interfaces indicates a packet is coming from multiple paths. |
Inline SSL Monitor mode only captures TCP information, not SSL information. However Inline SSL Persistent Monitor mode captures both TCP and SSL information.
Note: Monitor mode is supported for standalone nodes only, not for nodes in a cluster.
Configure the Inline SSL Monitor Mode
You can enable or disable the inline SSL monitor mode, or enable persistent inline SSL monitor mode using either CLI command or GigaVUE‑FM.
To enable or disable the monitor mode using CLI, run the following CLI command:
(config) # apps inline-ssl profile alias sslprofile monitor enable
(config) # apps inline-ssl profile alias sslprofile monitor disable
To enable the persistent monitor mode using CLI, run the following CLI command:
(config) # apps inline-ssl profile alias sslprofile monitor inline
To enable the monitor mode using GigaVUE‑FM:
| 1. | From the device view, go to GigaSMART > Inline SSL > SSL Profiles. |
| 2. | Click Edit. |
| 3. | From the SSL Monitor Mode drop-down list, select |
| Disable to disable SSL monitor mode, and enable SSL decryption/encryption. |
| Enable to enable SSL monitor mode, and disable SSL decryption/encryption. |
| Inline to enable persistent monitor mode (both SSL monitor mode, and SSL decryption/encryption). |
| 4. | Click OK. |
